# Basic Security Group

## Overview

This Terraform module provisions a basic AWS Security Group that allows for one ingress and one egress rule, scoped to a single VPC.

It's a quick-start solution for applying basic access control to compute resources such as EC2 instances, ECS tasks, or Lambda functions within a VPC.
## Key Features
- Creates a named security group within a specified VPC
- Allows one customizable ingress rule (port/protocol/CIDR)
- Allows one customizable egress rule (port/protocol/CIDR)
- Tags the security group with environment metadata
## Use Cases
- Granting inbound web traffic (e.g., HTTP on port 80)
- Enabling outbound access to internet or other services
- Attaching to single-purpose workloads with minimal exposure
- Testing baseline connectivity within a VPC subnet
## Input Variables
| Name | Type | Description |
|---|---|---|
| region | string | AWS region for deployment |
| vpc_id | string | ID of the VPC where the security group will be created |
| ingress_from_port | number | Starting port for the ingress rule |
| ingress_to_port | number | Ending port for the ingress rule |
| ingress_protocol | string | Protocol for the ingress rule (e.g., tcp, udp) |
| ingress_cidr_block | string | CIDR block allowed to access via ingress |
| egress_from_port | number | Starting port for the egress rule |
| egress_to_port | number | Ending port for the egress rule |
| egress_protocol | string | Protocol for the egress rule (e.g., -1 for all) |
| egress_cidr_block | string | CIDR block allowed via egress |
| environment | string | Deployment environment tag (e.g., dev, staging, prod) |
## Outputs
| Name | Description |
|---|---|
| security_group_id | The ID of the created security group |
| security_group_name | The name of the created security group |
| vpc_id | The VPC ID where the security group resides |
## Deployment Readiness

- Compatible with Terraform 1.0+
- Tested with AWS provider 5.x
- Requires IAM permissions for EC2 security group operations
## Example Usage

```hcl
module "security_group_basic" {
  source = "git::ssh://git@github.com/archiphire/aws-level-1-modules.git//network-security/security-group-basic?ref=v1.0.0"

  region = "us-east-1"
  vpc_id = "vpc-0123456789abcdef0"

  # Inbound HTTP from any source; narrow the CIDR for workloads that are not public-facing.
  ingress_from_port  = 80
  ingress_to_port    = 80
  ingress_protocol   = "tcp"
  ingress_cidr_block = "0.0.0.0/0"

  # Outbound: protocol "-1" means all protocols, which requires ports 0/0.
  egress_from_port  = 0
  egress_to_port    = 0
  egress_protocol   = "-1"
  egress_cidr_block = "0.0.0.0/0"

  environment = "dev"
}
```

```shell
terraform init
terraform plan
terraform apply
```

or

```shell
tofu init
tofu plan
tofu apply
```
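The following is an added reference implementation, written for this page and not the vendor's module source (which the page does not include), showing what the inputs in the table above map to and how the two inputs most likely to be entered wrongly can be validated at plan time: a malformed `ingress_cidr_block`, and the AWS rule that protocol `"-1"` requires both ports to be 0. It assumes Terraform 1.2+ for the `precondition` block and omits the `region` input, since a reusable module normally inherits the caller's provider.

```hcl
# Added reference implementation; the vendor's source is not on this page. Names
# follow the README's input table (region omitted: the caller's provider is used).
variable "vpc_id"            { type = string }
variable "environment"       { type = string }
variable "ingress_from_port" { type = number }
variable "ingress_to_port"   { type = number }
variable "ingress_protocol"  { type = string }
variable "egress_from_port"  { type = number }
variable "egress_to_port"    { type = number }
variable "egress_protocol"   { type = string }
variable "egress_cidr_block" { type = string }
variable "ingress_cidr_block" {
  type = string
  # cidrhost() fails on anything that is not a well-formed CIDR, so a bare IP
  # such as "10.0.0.5" is rejected at plan time rather than by the AWS API.
  validation {
    condition     = can(cidrhost(var.ingress_cidr_block, 0))
    error_message = "Value must be a CIDR such as 10.0.0.0/16."
  }
}

resource "aws_security_group" "this" {
  name        = "sg-basic-${var.environment}"
  description = "Basic security group: one ingress and one egress rule"
  vpc_id      = var.vpc_id
  ingress {
    from_port   = var.ingress_from_port
    to_port     = var.ingress_to_port
    protocol    = var.ingress_protocol
    cidr_blocks = [var.ingress_cidr_block]
  }
  egress {
    from_port   = var.egress_from_port
    to_port     = var.egress_to_port
    protocol    = var.egress_protocol
    cidr_blocks = [var.egress_cidr_block]
  }
  tags = { Environment = var.environment }
  # AWS rejects protocol "-1" unless both ports are 0; this precondition
  # (Terraform 1.2+) turns that into a plan-time error instead of an API failure.
  lifecycle {
    precondition {
      condition     = var.egress_protocol != "-1" || (var.egress_from_port == 0 && var.egress_to_port == 0)
      error_message = "Protocol \"-1\" requires egress_from_port = 0 and egress_to_port = 0."
    }
  }
}
output "security_group_id"   { value = aws_security_group.this.id }
output "security_group_name" { value = aws_security_group.this.name }
```

The same `validation` pattern can be applied to `egress_cidr_block`; a `0.0.0.0/0` value passes it, so reviewing the CIDR inputs in the plan output remains the operator's responsibility.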
## Cleanup Options

Terraform Destroy (for test environments):

```shell
terraform destroy
```

or

```shell
tofu destroy
```

Manual Deletion (for production):

Delete the security group manually via the AWS Console or CLI if it's part of an integrated setup, to avoid service interruption.
## Notes
This is a Level 1 module meant for single-rule baseline security.
For services requiring multiple rules, chaining dependencies, or complex access patterns, use this in conjunction with other security group modules or a Level 2 network stack.
## Deployment Package Notice
This module is part of the Level 1 AWS License Tier. To access the full deployment package and source code, subscribe to Archiphire.